[FX.php List] Fwd: spam and php fmp sites
Joel Shapiro
jsfmp at earthlink.net
Thu Oct 18 17:44:16 MDT 2007
Thanks Dan
That looks pretty cool... Kind of a text-based captcha, right?
I'll pass it along as another option.
-
Thanks everyone for all your suggestions!
Best,
-Joel
On Oct 18, 2007, at 1:15 PM, DC wrote:
> i've had success with this script that spells out numbers in
> english and then you ask the person to type the number. not good
> for a widespread commercial app, but good (and the technique is
> obscure) for a small site.
>
> function ConvertThree ($intArgNumber, $dispAnd = false)
> {
> $intNumber = '';
> $strNumConv = '';
>
> $aySmall = array('Zero', 'One', 'Two', 'Three', 'Four', 'Five',
> 'Six', 'Seven', 'Eight', 'Nine');
> $ayMedium = array('Zero', 'Ten', 'Twenty', 'Thirty', 'Forty',
> 'Fifty', 'Sixty', 'Seventy', 'Eighty', 'Ninety');
> $ayLarge = array('Ten', 'Eleven', 'Twelve', 'Thirteen',
> 'Fourteen', 'Fifteen', 'Sixteen', 'Seventeen', 'Eighteen',
> 'Nineteen');
>
> if ($intArgNumber > 99) $strNumConv .= $aySmall[$intArgNumber/
> 100] . " Hundred";
> if (($dispAnd == true) and ($intArgNumber > 99)) $strNumConv .=
> " and ";
>
> $intNumber = $intArgNumber % 100;
> if ($intNumber > 19) {
> if ($intArgNumber > 99) $strNumConv .= " ";
>
> $strNumConv .= $ayMedium[$intNumber/10];
> if ($intNumber % 10 > 0) $strNumConv .= " " . $aySmall
> [$intNumber % 10];
>
> } elseif ($intNumber > 9) {
> if ($intArgNumber > 99) $strNumConv .= $ayLarge
> [$intNumber-10];
> } elseif ($intNumber > 0) {
> if ($intArgNumber > 99) $strNumConv .= " ";
> $strNumConv .= $aySmall[$intNumber];
> }
> return $strNumConv;
> }
>
> dan
>
> Alex Gates had written:
>> What about this:
>> Make a hidden form field and give it a generic name that the bots
>> will go for - "name" or "URL" or something that isn't already in
>> use - and give it a value of "".
>> The bots look for generic names - and it won't really know if it
>> is hidden or not...
>> Then, simply reject any submission that has a value in the hidden
>> field.
>> Any legitimate submission from a real user won't have anything in
>> that field, since it is a hidden field - but a bot will fill
>> something in...
>> Alex
>> Joel Shapiro wrote:
>>> Hi all
>>>
>>> I'm forwarding something from a local colleague. He's got a site
>>> that's getting hit with form submissions by spammers.
>>>
>>> He works for a school district. The site is not meant for the
>>> general public, although it is apparently publicly available and
>>> is not password protected.
>>>
>>> Any quick suggestions for them?
>>>
>>> (Sorry the post is so long, but I figured I might as well forward
>>> his whole message.)
>>>
>>> Thanks,
>>> -Joel
>>>
>>>
>>> Begin forwarded message:
>>>
>>>> Subject: spam and php fmp sites
>>>>
>>>> Any suggestions on how to stop spam from being submitted on a
>>>> PHP FileMaker
>>>> web registration solution, running on a Windows 2003 Server with
>>>> FMAS9?
>>>>
>>>> The solution does not ask for any password. Users can hit it
>>>> over the web.
>>>> I am not sure how spammers found it if not from webbots....
>>>>
>>>> One of the functions of the solution is to allow users to send a
>>>> suggestion
>>>> via email. The user goes to a page where they fill in a
>>>> suggestion text
>>>> field and hit a submit button which creates are record and
>>>> generates an
>>>> email message with to a backend fmp user with the contents of
>>>> the suggestion
>>>> field they filled out.
>>>> -------------Some spam is beig generated from this function
>>>> where the emails
>>>> sent contain spam url's that heve been entered into the
>>>> suggestion text
>>>> field.
>>>>
>>>> Another function of the solution is where users can register for
>>>> a workshop.
>>>> They choose a workshop from a list and then fill in their user
>>>> information
>>>> and then click a "register" (submit) button which creates a new
>>>> record in
>>>> the solution. Spam URL's are appearing in the user background
>>>> infomration
>>>> text fields from these bogus registrations.
>>>>
>>>> I was thinking that if I required authentication from one
>>>> account therefore
>>>> giving all users of the system the same password would prevent
>>>> the spam.
>>>>
>>>> or
>>>>
>>>> The instead of FM authentication, make it look like there is a
>>>> password
>>>> needed by giving out to all users a universal password which is
>>>> actually
>>>> just a phrase they enter into a field when first entering the
>>>> solution and
>>>> clicking on a submit button which does a search for that
>>>> phrase...if the
>>>> phrase is not correct they are sent to an error page if it is
>>>> found they are
>>>> taken to the registration menu.
>>>>
>>>> Any ideas on how to stop this? Is anyone encountering similar
>>>> problems...where spammers are filing out forms and submitting
>>>> them with SPAM
>>>> content??
>>>>
>>>> Thanks for your help!
>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
More information about the FX.php_List
mailing list